reports that misconfigurations
have been identified in over 8,000 servers with log-in credentials, configuration files, database backups, and other sensitive data, indicating the elevated prevalence of servers that could be vulnerable to cyberattacks.
Meanwhile, no authentication requirements were found in more than 18,000 comma-separated value files and over 2,000 structured query language database files, a report from Censys revealed.
Aside from emphasizing that many data breaches have stemmed from human error, the findings also shed light on the presence of thousands of internet-exposed devices impacted by widely known vulnerabilities but have not been patched as they have reached end-of-life.
"The often unglamorous work of asset, vulnerability, and patch management is critical for helping reduce an organization's attack surface. The security issues we've explored in this report aren't a result of zero days or other advanced exploits, but rather misconfiguration and exposure issues that are likely a result of simple mistakes or configuration errors," said Censys.